e7be4f2cc1b4031bc060d4c9abe5e57557c7aa72dc0b7792cdb91c493f011524

Sharing

Copy URL Twitter E-mail

General

Target

e7be4f2cc1b4031bc060d4c9abe5e57557c7aa72dc0b7792cdb91c493f011524
Size

1.2MB
MD5

87cab37fe6dcd5a5fd7d0d46bb79b9c8
SHA1

acae590c60fb5d7f2d2436ede1265e623542d42a
SHA256

e7be4f2cc1b4031bc060d4c9abe5e57557c7aa72dc0b7792cdb91c493f011524
SHA512

37b3ba648e7a206c1c1c0523158b4fe32528551ff1662f0b5da532255465bb9b7bd87f105d87593b7ad28289a08d0199d614acb5da515ecdebfb5e7bff71c1a0
SSDEEP

24576:xE3amvuqJLwvnGzPzZuyHBp9eg5FoJcP0y6fFg/RmSHcxiZueZBKHaeiuV8a:xE3vQa9zeNiZuoBleie8a

Score

1^/10

Malware Config

Signatures

Files

e7be4f2cc1b4031bc060d4c9abe5e57557c7aa72dc0b7792cdb91c493f011524
.exe windows:6 windows x86 arch:x86

40f1a18618ae2c4c444760dc65517b06

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:92:e4:f5:45:d1:63:3c:22:21:1c:a2:05:74:1c:b4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/09/2022, 00:00

Not After

12/09/2024, 23:59

Subject

CN=Citrix Systems\, Inc.,OU=Citrix SHA256 2022,O=Citrix Systems\, Inc.,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:35:8c:72:63:c6:09:e5:bc:20:e9:23:f9:f3:0f:bd:77:eb:e4:b8:82:c8:77:ac:3f:1c:a7:e4:87:4b:3e:8d
Signer

Actual PE Digest

a9:35:8c:72:63:c6:09:e5:bc:20:e9:23:f9:f3:0f:bd:77:eb:e4:b8:82:c8:77:ac:3f:1c:a7:e4:87:4b:3e:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\5d508418f401dce8878fdcd51ea79975\CitrixReceiver\src\multimedia\HdxBrowserCef\Release\Win32\pdb\full\exe\HdxBrowserCef.pdb

Imports

ctxmui

CTXMUI_LoadResourceLibraryW

libcef

cef_v8value_create_object
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_request_context_create_context
cef_string_utf16_set
cef_string_utf8_clear
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_dictionary_value_create
cef_uridecode
cef_parse_url
cef_quit_message_loop
cef_run_message_loop
cef_shutdown
cef_initialize
cef_execute_process
cef_post_task
cef_currently_on
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_log
cef_string_utf16_to_utf8
cef_api_hash
cef_string_utf16_cmp
cef_command_line_create
cef_string_map_free
cef_string_map_alloc
cef_value_create
cef_browser_host_create_browser

ntdll

VerSetConditionMask
RtlUnwind
RtlInitUnicodeString

dbghelp

SymSetSearchPathW
SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymInitialize
SymGetSearchPathW
SymSetOptions

winmm

timeGetTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockShared
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexW
WaitForSingleObjectEx
InitializeCriticalSection
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
InitializeSRWLock
AcquireSRWLockShared

oleaut32

OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
CreateThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
OpenThreadToken
UpdateProcThreadAttribute
GetCurrentThread
TlsFree
GetThreadId
TlsGetValue
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
CreateProcessAsUserW
SetThreadToken
GetCurrentProcessId
ExitProcess
OpenProcessToken
GetStartupInfoW
CreateRemoteThread
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleA
GetModuleHandleExW
FreeLibrary
LoadLibraryExA
GetModuleHandleW
LoadLibraryExW
LockResource
GetModuleFileNameW
LoadResource
SetDefaultDllDirectories
LoadStringW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalAlloc
LocalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW
GetSystemMetrics

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetObjectContext
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromProgID
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CoGetApartmentType

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetCommandLineA
GetStdHandle
GetEnvironmentVariableW
GetCommandLineW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
GetUserDefaultLocaleName
LCMapStringW
GetCPInfo
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
LCMapStringEx
IsValidCodePage
FormatMessageW
GetACP
GetOEMCP
GetUserDefaultLangID

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW

api-ms-win-core-file-l1-1-0

GetLongPathNameW
GetFileAttributesW
GetFileSizeEx
SetFilePointerEx
GetFileType
WriteFile
ReadFile
CreateFileW
FindFirstFileExW
FindNextFileW
FindClose
CreateFileA
FlushFileBuffers

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
WaitNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
GetProcessHeaps
HeapDestroy
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetSecurityDescriptorSacl
GetTokenInformation
IsValidSecurityDescriptor
GetSecurityDescriptorOwner
GetAce
GetSecurityDescriptorControl
FreeSid
EqualSid
CopySid
GetSecurityDescriptorGroup
RevertToSelf
IsValidSid
IsValidAcl
InitializeAcl
GetLengthSid
AddMandatoryAce
SetTokenInformation
DuplicateTokenEx
InitializeSecurityDescriptor
GetSecurityDescriptorDacl

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetOverlappedResult
CancelIoEx

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-namedpipe-ansi-l1-1-0

WaitNamedPipeA

api-ms-win-core-job-l2-1-0

SetInformationJobObject
CreateJobObjectW

api-ms-win-core-registry-l2-1-0

RegDisablePredefinedCache

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processthreads-l1-1-2

SetThreadInformation

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualProtectEx
MapViewOfFile
VirtualQuery
ReadProcessMemory
UnmapViewOfFile
VirtualFreeEx
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualQueryEx
WriteProcessMemory

api-ms-win-core-processthreads-l1-1-1

GetProcessHandleCount
FlushInstructionCache
GetProcessMitigationPolicy
GetCurrentProcessorNumber
SetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetProductInfo

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

userenv

CreateAppContainerProfile
DeriveAppContainerSidFromAppContainerName

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetSecurityInfo
GetNamedSecurityInfoW
SetEntriesInAclW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

kernel32

SetProcessDEPPolicy
TerminateJobObject
QueryDosDeviceW
GlobalHandle
GetNamedPipeClientProcessId
QueryInformationJobObject

user32

GetWindowRect
SetWindowContextHelpId
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
IntersectRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
CreateAcceleratorTableW
GetClientRect
ReleaseCapture
SetCapture
GetFocus
SetFocus
SendDlgItemMessageW
SetWindowLongW
GetDesktopWindow
GetParent
SetParent
EnumChildWindows
GetClassNameA
GetClassNameW
GetWindow
LoadCursorW
MapDialogRect
MonitorFromWindow
GetWindowTextLengthW
MsgWaitForMultipleObjects
CloseDesktop
CloseWindowStation
GetWindowTextW
CreateWindowStationW
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
GetUserObjectInformationW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsChild
IsWindow
GetWindowTextA
SetWindowTextW
RedrawWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
InvalidateRgn
RegisterWindowMessageW
UnregisterClassW
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
GetProcessWindowStation
DestroyAcceleratorTable

gdi32

ExtCreateRegion
GetDeviceCaps
CreateSolidBrush
SelectObject
GetObjectW
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
GetStockObject

advapi32

MapGenericMask
CreateRestrictedToken
AccessCheck
BuildTrusteeWithSidW

ole32

OleInitialize
OleUninitialize
OleLockRunning

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-console-l1-1-0

WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40f1a18618ae2c4c444760dc65517b06

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:92:e4:f5:45:d1:63:3c:22:21:1c:a2:05:74:1c:b4Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a9:35:8c:72:63:c6:09:e5:bc:20:e9:23:f9:f3:0f:bd:77:eb:e4:b8:82:c8:77:ac:3f:1c:a7:e4:87:4b:3e:8dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ctxmui

libcef

ntdll

dbghelp

winmm

api-ms-win-core-util-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

oleaut32

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-localization-l1-2-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-namedpipe-ansi-l1-1-0

api-ms-win-core-job-l2-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-profile-l1-1-0

userenv

api-ms-win-security-provider-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:92:e4:f5:45:d1:63:3c:22:21:1c:a2:05:74:1c:b4
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a9:35:8c:72:63:c6:09:e5:bc:20:e9:23:f9:f3:0f:bd:77:eb:e4:b8:82:c8:77:ac:3f:1c:a7:e4:87:4b:3e:8d
Signer

.text
Size: 932KB - Virtual size: 931KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 50KB - Virtual size: 49KB